Friday, June 7, 2013

The Director of National Intelligence, James Clapper, stated..."The release of this classified, (read secret), program is Reprehensible!"

....
On March 12, James Clapper squirmed as he tried to avoid answering questions about surveillance of Americans. Then, this week, back to back revelations by the Guardian and the Washington Post that NSA has been spying on Americans, and the NSA programs are so secret our elected officials cannon even mention it, provoked Director Clapper to lash out at the journalists.http://www.guardian.co.uk/world/2013/jun/07/us-tech-nsa-data-clapper

Clapper said the Fisa Court had established procedures preventing the government “indiscriminately sifting” through the collected phone records. “The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organisation,” Clapper said. “Only a small fraction of the records are ever reviewed” by “specifically cleared counterterrorism personnel”.

At the same time, Clapper said national security required the NSA to collect all the Verizon subscriber data, even if not all the data would be analysed, and regardless of any evidence to link the phone records to crime, foreign espionage or terrorism. On Thursday, the Wall Street Journal reported that other telecoms received similar orders from the government for the subscriber data.

“The collection is broad in scope,” Clapper wrote, “because more narrow collection would limit our ability to protect the nation from terrorist threats to the United States, as it may assist counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities.”

Yet the collection does not need to be tied to terrorism to occur – something that alarmed one Democrat senator, Jeff Merkley. He told the Guardian on Thursday that the sweeping “barn-door” collection appeared to violate the provision of the Patriot Act purportedly authorising it.

“We can't really propose changes to the law unless we know what the words mean as interpreted by the court,” Merkley said.

Clapper reiterated a point the Obama administration made on Thursday in its response to the Guardian’s story: the NSA’s dragnet of Verizon phone records, which the Fisa Court authorised until 19 July, does not include the “content of any communications or the identity of any subscriber”. Yet the so-called “metadata” – phone numbers, duration of calls – can be combined with publicly available information to easily determine subscriber identity. And a second NSA surveillance effort, disclosed by the Guardian on Thursday and codenamed PRISM, collects the content of communications provided through Google, Facebook, Microsoft, Apple and five other large internet companies.

Clapper came under criticism on Thursday for statements to Democrat senator Ron Wyden that appeared to be contradicted by the revelations of the surveillance programs. Asked in March whether “millions” of Americans had “any kind of [their] data” collected by the US government, Clapper replied: “Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly."

He has denied misleading Congress, but Clapper’s statement on Thursday suggested the collection of Americans’ phone records was deliberate, methodical and institutionalised.

“Discussing programs like this publicly,” Clapper concluded, “will have an impact on the behavior of our adversaries and make it more difficult for us to understand their intentions.”
........................
.

As we all scramble to become cybersecurity scholars, here's a handy guide to Section 215, the part of the Patriot Act that authorized the National Security Agency to collect cell data from Verizon and also possibly data for its PRISM program.

What is Section 215?

To understand Section 215, you first need to read Section 103(a) of the 1978 Foreign Intelligence Surveillance Act, which established the FISA court system that grants the government permission to conduct electronic surveillance.

The relevant section:

The Chief Justice of the United States shall publicly designate seven district court judges from seven of the United States judicial circuits who shall constitute a courtwhich shall have jurisdiction to hear applications for and grant orders approving electronic surveillance anywhere within the United States under the procedures set forth in this Act, except that no judge designated under this subsection shall hear the same application for electronic surveillance under this Act which has been denied previously by another judge designated under this subsection.

Under Section 215, the government can apply to the FISA court to compel businesses (like Verizon) to hand over user records. Here's what Slate wrote about Section 215 in a 2003 guide to the Patriot Act:

As Section 215 stands today—in the reauthorized version of the Patriot Act passed in 2005—"tangible things" (aka user data) sought in a FISA order "must be 'relevant' to an authorized preliminary or full investigation to obtain foreign intelligence information not concerning a U.S. person or to protect against international terrorism or clandestine intelligence activities." It also established congressional oversight for the FISA program, requiring the DOJ to conduct an audit of the program and the "effectiveness" of Section 215, and to submit an unclassified report on the audit to the House and Senate Committees on the Judiciary and Intelligence.

That was during the Bush administration. How has the Patriot Act changed since President Obama was elected?

Not very much. Sen. Obama voted to reauthorize the Patriot Act in 2005, a decision hedefended on the campaign trail in 2008 with the caveat that some provisions contained in Section 215, like allowing the government to go through citizens' library records, "went way overboard." But in 2011 President Obama signed a bill to extend the Patriot Act's sunset clause to June 1, 2015—with Section 215 intact in its 2005 form.

Did the NSA also use Section 215 to obtain Internet data for its PRISM program?

This is less clear, but the leaked PRISM program documents seem to indicate yes. The PRISM presentation seems to imply that Section 215 applies not only to phone metadata but also to email, chats, photos, video, logins, and other online user data. Referring to the type of data the government is allowed to collect as "tangible things" allows a pretty wide berth for interpretation.

As Americans learned more this week about the kinds of records being obtained by the U.S. government, some have noted that the Patriot Act, first passed after 9/11, is at the root of some of the authorities claimed by the Obama administration.
In 2011, Congress approved legislation to renew some of those authorities to obtain records, though passage was delayed by Sen. Rand Paul, the tea party Republican from Kentucky who warned about the federal government’s power.
Here are some of his comments from the Senate floor. He was trying to get a vote on some amendments to the bill.

“There are dangers to allowing the government to snoop through our records. It doesn’t mean we don’t want to stop crime, we don’t want to stop terrorism. It means we need to have a rule of law, and we need to pay attention to the rule of law.

“We proposed several amendments. One of them went through the Judiciary Committee. It was deliberated. It was amended. It was passed with bipartisan support, but we won’t get a vote on it. It disappoints me that they are afraid to debate this on the Senate floor, and we will get no vote on amendments that were offered seriously to try to reform the PATRIOT Act to take away some of the abuses of it.

“We offered three amendments to the PATRIOT Act . One was on the gun records. That apparently unhinged people who are afraid of voting on any gun issues. Because of that, we are all going to be denied any debate or votes.

“Some will say: Oh, you are going to keep your colleagues here until 1 in the morning. Well, I think when they are here tonight at 1 in the morning, maybe they will think a little bit about why they are here and why we had no debate and why we had the power to have the debate at any point in time. I have agreed and said we can have a vote on the PATRIOT Act in an hour or 2 hours. We could have had a vote on the PATRIOT Act yesterday. But I want debate, and I want amendments. I think that is the very least the American people demand and this body demands, that there be open and deliberate debate about the PATRIOT Act .

“One of our other amendments has to do with destroying records. Some of these records they take from us through the bank spying on us, or the government spying on us, are not destroyed. I think these records should be destroyed at some point in time.

“For goodness’ sakes, if you are not a terrorist, why are they keeping these records? There ought to be rules on the destruction of these records if you are not a terrorist and they are not going to prosecute you.

“The fourth amendment says we should name the place and the person. We have one wiretap called the John Doe. They don’t name the place or the person, and they are not required to. I think we should. Now, are there times when it might be a terrorist when we say, well, we don’t want to name the person? We don’t have to name them in public. We could name them to the FISA commission. I do not object to them being named and the name being redacted, but the name should be presented to the judge who is making the decision. I want a judge to make a decision.

“James Otis–part of our revolution–for the 20 years leading up to the American Revolution, there was a debate about warrants. They issued what were called writs of assistance. They are also called general warrants. They weren’t specific. They didn’t say what crime one was being accused of, and the soldiers came into our houses. They would lodge soldiers in our houses, and they would enter into our houses without warrants. The fourth amendment was a big deal. We had passed the fourth amendment, and it was one of the primary grievances of our Founding Fathers.

“I don’t think we should give up so easily. I don’t think we should be cowed by fear and so fearful of attack that we give up our liberties. If we do, we become no different than the rest of the countries that have no liberties. Our liberties are what make us different from other countries. The fact that we protect the rights, even of those accused of a crime–people say, well, gosh, a murderer will get a trial. Yes, they will get a trial because we don’t know they are a murderer until we convict them. We want procedural restraints.

“People say: You would give procedural restraints for terrorists? I would say at the very least, a judge has to give permission before we get records. The main reason is because we are not asking for 10 records or 20 records or 40 records of people connected to terrorism. We are asking for millions of records.

“There are people in this room today who have had their records looked at. It is difficult to find out because what happens–here is the real rub, and this is how fearful they were. When the PATRIOT Act was passed shortly after 9/11, they were so fearful that they said: If a letter, a demand letter, a national security letter asks for records, you are not allowed to tell your attorney. You were gagged. If you told your attorney, they could put you in jail for 5 years. It is still a crime punishable by 5 years in jail.

“If I have Internet service and they want my records on somebody, they don’t tell me or a judge. We have no idea. There is no probable cause. This person might be relevant, which could mean anything, however tangential. If I don’t reveal those records, I go to jail. If I tell my wife they are asking for my records, I could go to jail.

“This secrecy on millions of records, this trolling through millions of records is un-American. It is unconstitutional. They have modified the Constitution through statutory law. We have given up our rights. It should be two-thirds of this body voting to change the Constitution and three-fourths of the States. We did it by 50 percent with one bill. The bill was hot when it came here. There was one copy of it. No one read it.

“I came from the tea party, and I said: We must read the bills. I propose that we wait 1 day for every 20 pages so we are ensured they are reading the bills. The PATRIOT Act was hundreds of pages long and nobody read it. Not one person read it because it wasn’t even hardly printed. There were penciled edits in the margin, and it was passed because we were afraid.

“But we can’t be so afraid that we give up our liberties. I think it is more important than that. I think it is a sad day today in America that we are afraid to debate this. The great constitutional questions such as this, or great constitutional questions such as whether we can go to war with just the word of the President, these great constitutional questions are not being debated because we are so fearful of debate.

“I urge the Senate to reconsider. I urge the Senate to consider debating the PATRIOT Act , to consider amendments, and to consider the Constitution.

“Thank you. I yield the floor.”

....

Officer Gen. Keith Alexander, who heads the US Cyber Command and National Security Agency, announced on Tuesday that the US is developing 40 new teams of cyber support teams to be ready by 2015. This move comes after the highly publicized cyber-attacks on American companies and of the 40 teams, 13 of them will be responsible for deploying attacks on other countries. So what does this mean for America's cybersecurity and the face of future warfare? RT's Andrew Blake joins us to discuss the latest developments.http://www.wired.com/threatlevel/2013/06/presidential-cyber-targets/
....Four years after the U.S. and Israel allegedly launched the first known cyberweapon against Iran, President Barack Obama ordered U.S. intelligence agencies to draw up a list of overseas targets for possible offensive U.S. cyberattacks, according to a top-secret presidential directive obtained by theGuardian.

The 18-page directive issued last October states that “The secretary of defense, the DNI [Director of National Intelligence], and the director of the CIA … shall prepare for approval by the president through the National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain OCEO capabilities….”

The directive defines Offensive Cyber Effects Operations, or OCEO, as “operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks.”

Such operations, the document notes, “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.”

The revelation — one of a string of classified leaks published by the Guardian this week — provides a full look at a directive that until now has only been partially disclosed.

Earlier this year, the administration declassified portions of the directive, but these only discussed intrusion detection systems for protecting federal computer networks and the government’s role in securing critical infrastructure. They did not discuss the nation’s plans to initiate offensive cyber operations against foreign targets, a highly controversial topic that has become even more so in light of the administration’s plans to confront China this week for its role in cyberespionage attacks against U.S. government and private networks.

A senior administration official downplayed the offensive cyber plans, telling the Guardian anonymously that it was the natural evolution of things.

“Once humans develop the capacity to build boats, we build navies. Once you build airplanes, we build air forces,” he told the paper.

The deadline for drawing up the list of attack targets was to be six months after the directive’s approval.

The directive not only discusses attacking foreign targets, but authorizes the use of offensive cyber attacks in foreign nations without the consent of those nations, whenever “US national interests and equities” require such nonconsensual attacks.” This presumably involves not attacking foreign government systems but hacking or otherwise attacking systems that are simply located in a foreign country and are engaged in attacks on the U.S. and present an imminent threat.

The directive also discusses possible cyber actions within U.S. borders, but states that any actions “intended or likely to produce cyber effects within the United States” would require the approval of the president, except in the case of an emergency, when the Defense Department and other agencies would be authorized to conduct such domestic operations without presidential approval.

The document does assert that all U.S. cyber operations should conform to U.S. and international law and only work as a complement to diplomatic and military options, and that presidential approval would be required for any actions that were “reasonably likely to result in significant consequences” such as the loss of life, property damage, severe retaliation or adverse foreign policy and economic impacts.

Among the risks and assessments to be considered were the possible impact an offensive cyberattack would have on intelligence-gathering, the risk of retaliation, the impact on the stability and security of the internet, the political risks and gains, and the establishment of unwelcome norms of international behavior.

The criteria for offensive cyber operations in the directive is not limited to retaliation for attacks against the U.S. but can also be approved if they would advance “US national objectives around the world.”

The directive comes at least four years after the U.S. is believed to have launched the first known cyberweapon in space to attack centrifuges at a uranium enrichment facility in Iran. The New York Times and Washington Post have reported that high-level sources within the current and former U.S. administrations saying that the U.S. and Israel were responsible for the worm, known as Stuxnet, which reportedly damaged some of the centrifuges.

“Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force” and likely violate international law, according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, a study produced by a group of independent legal experts at the request of NATO’s Cooperative Cyber Defense Center of Excellence in Estonia.

Acts of force are prohibited under the United Nations charter, except when done in self-defense, Michael Schmitt, professor of international law at the U.S. Naval War College in Rhode Island and lead author of the study, told the Washington Times when the report was published.

It has relied increasingly on secret evidence and closed
tribunals, not only in Guantanamo, but here in the United
States. It has initiated secret programs involving
surveillance, detention, and interrogation, some of the details
of which remain unavailable today, even to Congress.

These examples are the topic of much discussion and
concern, and appropriately so. But there is a particularly
sinister trend that has gone relatively unnoticed: the
increasing prevalence in our country of secret law.

The notion of secret law has been described in court
opinions and law treatises as ``repugnant'' and ``an
abomination''. It is a basic tenet of democracy that the people
have a right to know the law. In keeping with this principle,
the laws passed by Congress and the case law of our courts have
historically been matters of public record. When it became
apparent in the middle of the 20th century that Federal
agencies were increasingly creating a body of non-public
administrative law, Congress passed several statutes requiring
this law to be made public for the express purpose of
preventing a regime of secret law.

That purpose today is being thwarted. Congressional
enactments and agency regulations are, for the most part, still
public. But the law that applies in this country is determined
not only by statutes and regulations, but also by the
controlling interpretations of courts and, in some cases, the
executive branch. More and more, this body of executive and
judicial law is being kept secret from Congress as well.